Why canít I use certain words like "drop" as part of my Security Question answers?
There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".

mysqli can be very confusing when it comes to what you can and can't do when mysqlnd is vs isn't installed. And whether you're using buffered vs unbuffered queries. And whether you're using a plain vs prepared statement. And whether you want to get arrays vs feel like fighting with bound variables.
PDO is much easier to remember, but you should keep in mind it does unbuffered queries by default (it ties up the server longer and won't let you execute a second query until the first is completely read in).

I was going to post something like this as a comment for mysqli_stmt on php.net but it needs some more research and some cleanup.

(If you have mysqlnd and are using prepared statements:)

get_result() and result_metadata() may return the same type of object but their behaviors are very different.

get_result():
* Pro: Allows fetching very easily through mysqli_result
* Con: Does not work if you store_result() beforehand

result_metadata():
* Pro: Works on both buffered and non-buffered resultsets
* Con: Does not allow fetching (methods return NULL)

Also remember that you can't use bind_result() when fetching with a mysqli_result object. That's specific to mysqli_stmt.

So if you
* want buffering: use result_metadata() and mysqli_stmt::fetch()
* want binding: use result_metadata() and mysqli_stmt::fetch()
* want arrays: use get_result() and mysqli_result::fetch_*()